Server-Side Request Forgery in PraisonAI Versions Affecting Crawl4AI Backend
CVE-2026-61429
8.4HIGH
What is CVE-2026-61429?
PraisonAI versions prior to 1.6.78 are vulnerable to a Server-Side Request Forgery (SSRF) flaw within the Crawl4AI/Chromium backend. This vulnerability allows attackers to circumvent SSRF validation mechanisms. By exploiting a combination of DNS rebinding and HTTP redirects, attackers can craft specific URLs that redirect to internal services post-validation. This capability may enable unauthorized access to sensitive internal responses, potentially revealing confidential canary values. Organizations using affected versions are urged to upgrade and assess their systems immediately.
Affected Version(s)
PraisonAI 0 < 1.6.78
PraisonAI 1.6.78
